JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Developer's Guide to Oracle Solaris 11 Security     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

Privileged Applications

About Privileges

How Administrators Assign Privileges

How Privileges Are Implemented

Permitted Privilege Set

Inheritable Privilege Set

Limit Privilege Set

Effective Privilege Set

Compatibility Between the Superuser and Privilege Models

Privilege Categories

Programming with Privileges

Privilege Data Types

Privilege Interfaces

setppriv(): for Setting Privileges

priv_str_to_set() for Mapping Privileges

Privilege Coding Example

Privilege Bracketing in the Superuser Model

Privilege Bracketing in the Least Privilege Model

Guidelines for Developing Privileged Applications

About Authorizations

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

6.  GSS-API Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

9.  Writing User-Level Cryptographic Applications

10.  Introduction to the Oracle Solaris Key Management Framework

A.  Secure Coding Guidelines for Developers

B.  Sample C-Based GSS-API Programs

C.  GSS-API Reference

D.  Specifying an OID

E.  Source Code for SASL Example

F.  SASL Reference Tables

Glossary

Index

Privileged Applications

A privileged application is an application that can override system controls and check for specific user IDs (UIDs), group IDs (GIDs), authorizations, or privileges. These access control elements are assigned by system administrators. For a general discussion of how administrators use these access control elements, see Chapter 8, Using Roles and Privileges (Overview), in Oracle Solaris 11.1 Administration: Security Services.

The Oracle Solaris operating system provides developers with two elements that enable a finer-grained delegation of privileges:

The difference between authorizations and privileges has to do with the level at which the policy of who can do what is enforced. Privileges are enforced at the kernel level. Without the proper privilege, a process cannot perform specific operations in a privileged application. Authorizations enforce policy at the user application level. An authorization might be required for access to a privileged application or for specific operations within a privileged application.